Posted by BeauHD on Thursday December 08, 2016 @07:05PM
from the always-listening dept.

The Center for Digital Democracy has filed a complaint with the Federal Trade Commission warning of security and privacy holes associated with a pair of smart toys designed for children. Mashable reports: "This complaint concerns toys that spy," reads the complaint, which claims the Genesis Toys' My Friend Cayla and i-QUE Intelligent Robot can record and collect private conversations and offer no limitations on the collection and use of personal information. Both toys use voice recognition, internet connectivity and Bluetooth to engage with children in a conversational manner and answer questions. The CDD claims they do all of this in wildly insecure and invasive ways. Both My Friend Cayla and i-QUE use Nuance Communications' voice-recognition platform to listen and respond to queries. On the Genesis Toy site, the manufacturer notes that while "most of Cayla's conversational features can be accessed offline," searching for information may require an internet connection. The promotional video for Cayla encourages children to "ask Cayla almost anything." The dolls work in concert with mobile apps. Some questions can be asked directly, but the toys maintain a constant Bluetooth connection to the dolls so they can also react to actions in the app and even appear to identify objects the child taps on on screen. While some of the questions children ask the dolls are apparently recorded and sent to Nuance's servers for parsing, it's unclear how much of the information is personal in nature. The Genesis Privacy Policy promises to anonymize information. The CDD also claims, however, that My Friend Cayla and i-Que employ Bluetooth in the least secure way possible. Instead of requiring a PIN code to complete pairing between the toy and a smartphone or iPad, "Cayla and i-Que do not employ... authentication mechanisms to establish a Bluetooth connection between the doll and a smartphone or tablet. The dolls do not implement any other security measure to prevent unauthorized Bluetooth pairing." Without a pairing notification on the toy or any authentication strategy, anyone with a Bluetooth device could connect to the toys' open Bluetooth networks, according to the complaint.

Posted by BeauHD on Thursday December 08, 2016 @08:00AM
from the two-is-better-than-one dept.

An anonymous reader quotes a report from AnandTech: Today at Microsoft's WinHEC event in Shenzhen, China, the company announced that it's working with Qualcomm to bring the full Windows 10 experience to future devices powered by Snapdragon processors. These new Snapdragon-powered devices should support all things Microsoft, including Microsoft Office, Windows Hello, Windows Pen, and the Edge browser, alongside third-party Universal Windows Platform (UWP) apps and, most interestingly, x86 (32-bit) Win32 apps. They should even be able to play Crysis 2. This announcement fits nicely with Microsoft's "Windows Everywhere" doctrine and should come as no surprise. It's not even the first time we've seen Windows running on ARM processors. Microsoft's failed Windows RT operating system was a modified version of Windows 8 that targeted the ARMv7-A 32-bit architecture. It grew from Microsoft's MinWin effort to make Windows more modular by reorganizing the operating system and cleaning up API dependencies. The major change with today's announcement over Windows RT and UWP is that x86 apps will be able to run on Qualcomm's ARM-based SoCs, along with support for all of the peripherals that are already supported with Windows 10. This alone is a huge change from Windows RT, which would only work with a small subset of peripherals. Microsoft is also focusing on having these devices always connected through cellular, which is something that is not available for many PCs at the moment. Support will be available for eSIM to avoid having to find room in a cramped design to accommodate a physical SIM, and Microsoft is going so far as to call these "cellular PCs" meaning they are expecting broad support for this class of computer, rather than the handful available now with cellular connectivity. The ability to run x86 Win32 apps on ARM will come through emulation, and to demonstrate the performance Microsoft has released a video of an ARM PC running Photoshop.

Posted by msmash on Wednesday December 07, 2016 @01:40PM
from the not-enough dept.

YouTube said Tuesday that it has paid the music industry over one billion dollars in advertising revenue in the past 12 months. The music industry thinks that sum is not enough. From a report on BBC: "Google has issued more unexplained numbers on what it claims YouTube pays the music industry," said a spokesperson for the global music body, the IFPI. "The announcement gives little reason to celebrate, however. With 800 million music users worldwide, YouTube is generating revenues of just over $1 per user for the entire year. "This pales in comparison to the revenue generated by other services, ranging from Apple to Deezer to Spotify. For example, in 2015 Spotify alone paid record labels some $2bn, equivalent to an estimated $18 per user." In his blog post, Mr Kyncl conceded that the current model was not perfect, arguing: "There is a lot of work that must be done by YouTube and the industry as a whole. "But we are excited to see the momentum," he added.

Posted by msmash on Tuesday December 06, 2016 @01:40PM
from the we-do-pay dept.

YouTube, the music industry's enemy No. 1 earlier this year, said Tuesday it has paid more than $1 billion in advertising revenue to artists, labels and publishers in the last 12 months. From a report on CNET: The milestone, released in a blog post by business chief Robert Kyncl, is a stab by Google's giant video site at mending fences with music industry critics. At least, it's YouTube hoping to convince some of them that the massive amount of free, ad-supported music listening that happens there is a valuable complement to music subscriptions, the industry's main area of growth right now.

Posted by BeauHD on Tuesday December 06, 2016 @08:00AM
from the two-is-better-than-one dept.

bongey writes: YouTube, Facebook, Twitter and Microsoft are teaming up to create a common database to flag extremist videos and pictures. The database is set to go live in 2017. The system will not automatically remove content. Reuters reports: "The companies will share 'hashes' -- unique digital fingerprints they automatically assign to videos or photos -- of extremist content they have removed from their websites to enable their peers to identify the same content on their platforms. 'We hope this collaboration will lead to greater efficiency as we continue to enforce our policies to help curb the pressing global issue of terrorist content online,' the companies said in a statement on Tuesday. Each company will decide what image and video hashes to add to the database and matching content will not be automatically removed, they said. The database will be up and running in early 2017 and more companies could be brought into the partnership."

Posted by msmash on Monday December 05, 2016 @09:00AM
from the making-clear dept.

The appeal court of Rome has overturned one of the 152 website blocks another court imposed last month, and ruled that embedding does not constitute a copyright infringement. From an ArsTechnica report: The order against the Italian site Kisstube is annulled, but the other websites remain blocked. Kisstube is a YouTube channel, which also exists as a standalone website that does not host any content itself, linking instead to YouTube. Both the channel and website arrange content by categories for the convenience of users. The Italian court's decision was informed by an important ruling by the Court of Justice of the European Union (CJEU). In the BestWater case, the CJEU held that embedding or framing a video or image from another website is not copyright infringement if the latter is already accessible to the general public. However, another CJEU judgment ruled that posting hyperlinks to pirated copies of material is only legal provided it is done without knowledge that they are unauthorised versions, and it is not carried out for financial gain.

Posted by EditorDavid on Monday December 05, 2016 @07:30AM
from the antisocial-media dept.

An anonymous reader quotes Gizmodo:
On Sunday, the European Commission warned Facebook, Twitter, Google, YouTube and Microsoft that if the companies do not address their hate speech problems, the EU will enact legislation that will force them to do so. In May, those five companies voluntarily signed a code of conduct to fight illegal hate speech on their platforms within 24 hours... But on Sunday, the European Commission revealed that the companies were not complying with this code in a satisfactory manner.

Posted by EditorDavid on Saturday December 03, 2016 @09:39PM
from the not-finding-your-iPhone dept.

An anonymous reader quotes ComputerWorld:
Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after a while, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.
There's also a five-minute video on YouTube which purports to show a newer version of the same attack.

Posted by EditorDavid on Saturday December 03, 2016 @12:39PM
from the Flash-in-the-can dept.

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.
Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.

Posted by msmash on Wednesday November 30, 2016 @11:45AM
from the inside-look dept.

Reader Joe_NoOne writes: Like TV, social media now increasingly entertains us, and even more so than television it amplifies our existing beliefs and habits. It makes us feel more than think, and it comforts more than challenges. The result is a deeply fragmented society, driven by emotions, and radicalized by lack of contact and challenge from outside. This is why Oxford Dictionaries designated "post-truth" as the word of 2016: an adjective "relating to circumstances in which objective facts are less influential in shaping public opinion than emotional appeals." Traditional television still entails some degree of surprise. What you see on television news is still picked by human curators, and even though it must be entertaining to qualify as worthy of expensive production, it is still likely to challenge some of our opinions (emotions, that is). Social media, in contrast, uses algorithms to encourage comfort and complaisance, since its entire business model is built upon maximizing the time users spend inside of it. Who would like to hang around in a place where everyone seems to be negative, mean, and disapproving? The outcome is a proliferation of emotions, a radicalization of those emotions, and a fragmented society. This is way more dangerous for the idea of democracy founded on the notion of informed participation. Now what can be done? Certainly the explanation for Trump's rise cannot be reduced to a technology- or media-centered argument. The phenomenon is rooted in more than that; media or technology cannot create; they can merely twist, divert, or disrupt. Without the growing inequality, shrinking middle class, jobs threatened by globalization, etc. there would be no Trump or Berlusconi or Brexit. But we need to stop thinking that any evolution of technology is natural and inevitable and therefore good. For one thing, we need more text than videos in order to remain rational animals. 
Typography, as Postman describes, is in essence much more capable of communicating complex messages that provoke thinking. This means we should write and read more, link more often, and watch less television and fewer videos -- and spend less time on Facebook, Instagram, and YouTube.

Posted by BeauHD on Tuesday November 29, 2016 @08:00AM
from the executive-decisions dept.

CNN announced Monday that it has purchased video-sharing app Beme, and will work with its founder, Casey Neistat, to build a new media brand next year focused on storytelling for a younger audience. Casey Neistat is a YouTube celebrity and tech entrepreneur who launched Beme last year. Variety reports: CNN said the new venture that it's forming out of the acquisition -- aimed at reaching millennial viewers with the street cred of Neistat's reporting and commentary -- will launch in the summer of 2017. All 11 of Beme's employees will join CNN; the cable news network will be shutting down Beme, which had garnered more than 1 million downloads. New York-based filmmaker Neistat, who has more than 5.8 million subscribers on YouTube, announced earlier this month on his channel that he would be suspending his personal vlog to focus on new projects, one of which turns out is the pact with CNN. His daily vlog dispatches cover current political and news events as well as action sequences like his viral "Snowboarding With the NYPD" video last winter. Led by Hackett, formerly VP of engineering at Yahoo's Tumblr, Beme's development team will "build technology to enable the new company and also develop mobile video capabilities for CNN's portfolio of digital properties," according to the Turner-owned cable news network. Neistat, 35, will lead the new venture's "editorial vision" as executive producer. CNN said it will employ its global resources to launch the new media brand, and plans to hire dozens of producers, builders, developers, designers and content creators for the new company. CNN said the new Beme-based company will operate as a standalone business under the CNN Digital umbrella.

Posted by EditorDavid on Sunday November 27, 2016 @07:34AM
from the virtual-frags dept.

When it comes to VR ports of popular games, "Doom 3's fluid weapon handling, interactivity, and general creepiness put it in a different class entirely," writes Motherboard. An anonymous reader quotes their report:
Using the graphically enhanced "BFG" version of 2004's Doom 3, the mod from "Codes4Fun" skillfully ports the game to the HTC Vive, generally making it look as though it was designed for the platform all along. Swedish YouTuber SweViver recently posted a video showing off his first spin with it... SweViver walks and runs about naturally using only the Vive controller's touchpad... the video shows him jumping and using the mod's impressive hand-tracking to handle his gun and flashlight separately as they float before him in place of the controllers in his hands. At one point, he even whips out virtual fists that let him pummel things with the controllers' left and right triggers.
His conclusion? "This is probably the first AAA game that actually works on the Vive."

Posted by msmash on Friday November 25, 2016 @06:40AM
from the security-woes dept.

An anonymous reader writes: By leveraging security flaws in the Tesla Android app, an attacker can steal Tesla cars. The only hard part is tricking Tesla owners into installing an Android app on their phones, which isn't that difficult according to a demo video from Norwegian firm Promon. This malicious app can use many of the freely available Android rooting exploits to take over the user's phone, steal the OAuth token from the Tesla app and the user's login credentials. This is possible because the Tesla Android app stores the OAuth token in cleartext, and contains no reverse-engineering protection, allowing attackers to alter the app's source code and log user credentials. The OAuth token and Tesla owner's password allow an attacker to perform a variety of actions, such as opening the car's doors and starting the motor.

Posted by BeauHD on Thursday November 24, 2016 @08:00AM
from the proof-of-concept dept.

As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.

Posted by BeauHD on Tuesday November 22, 2016 @08:00PM
from the resist-the-temptation dept.

A new bug in iOS has surfaced that will cause any iOS device to freeze when trying to view a certain .mp4 video in Safari. YouTube channel EverythingApplePro explains the bug in a video titled "This Video Will CRASH ANY iPhone!" 9to5Mac reports: As you'll see in the video below from EverythingApplePro, viewing a certain video in Safari will cause iOS to essentially overload and gradually become unusable. We won't link the infectious video here for obvious reasons, but you can take our word for it when we say that it really does render your device unusable. It's not apparently clear as to why this happens. The likely reason is that it's simply a corrupted video that's some sort of memory leak and when played, iOS isn't sure how to properly handle it, but there's likely more to it than that. Because of the nature of the flaw, it isn't specific to a certain iOS build. As you can see in the video below, playing the video on an iPhone running as far back as iOS 5 will cause the device to freeze and become unusable. Interestingly, with iOS 10.2 beta 3, if you let an iPhone affected by the bug sit there for long enough, it will power off and indefinitely display the spinning wheel that you normally see during the shutdown process. If someone sends you the malicious link and you fall for it, this is luckily a pretty easy problem to fix. All you have to do is hard reboot your device. For any iPhone but the iPhone 7, this can be done by long-pressing the power and Home buttons at the same time. The iPhone 7, of course, uses a new non-mechanical Home button. In order to reboot an iPhone 7, you must long-press the power button and volume down button at the same time.

Posted by msmash on Tuesday November 22, 2016 @11:40AM
from the immediate-future-plans dept.

US President-elect Donald Trump has confirmed that the U.S. will pull out of the Trans-Pacific Partnership (TPP) -- a trade deal involving 12 Pacific Rim nations -- "on day one" of his presidency. From a report on ArsTechnica: Trump, in a YouTube video outlining plans for his first 100 days in office, said: "I'm going to issue our notification of intent to withdraw from the Trans-Pacific Partnership, a potential disaster for our country." He added: "Instead, we will negotiate fair, bilateral trade deals that bring jobs and industry back on to American shores." An emphasis on bilateral trade deals may call into question both the Trade in Services Agreement (TISA), involving dozens of nations, and the Transatlantic Trade and Investment Partnership (TTIP). Although the latter is between the US and the European Union, the complex political structure of the EU means that effectively 28 nations are involved and can influence the outcome of the deal. This was demonstrated by the dramatic intervention of the Walloon regional government in the signing of CETA, the bloc's trade deal with Canada.

Posted by msmash on Tuesday November 22, 2016 @10:20AM
from the dilemma dept.

An anonymous reader writes: Amazon's next Prime membership benefit could be the ability to stream live sports. The Wall Street Journal reported Monday that Amazon is in talks with leagues like the NFL, NBA, MLB, and a handful of others about live game rights. The fact that Amazon wants to stream live sports isn't a new development. But the Journal did have a noteworthy tidbit: Amazon could offer a "premium, exclusive sports package" to those who pay for a $99 per year, or $8.99 per month, Prime membership. Amazon is exploring streaming rights to multiple sports at a variety of levels. The Journal reported that Amazon wanted to exclusively license NBA's League Pass streaming product; it is also reaching out to traditional broadcasters like Univision and ESPN about the content they own but don't end up airing on TV. Amazon was also recently exploring deals with Indian Premier League, a cricket match league. In a recent interview with David Remnick of The New Yorker, Reed Hastings said that one of the most difficult decisions for him has been to not do live sports. He said Netflix doesn't want to move away from movies and TV shows, and only focus on improving the quality of the shows and user experience.

Posted by BeauHD on Tuesday November 22, 2016 @08:00AM
from the right-vs-wrong dept.

Programmer and teacher Bill Sourour wrote a post last week called "Code I'm Still Ashamed Of," where he recounts a story in which he was hired to write code for a pharmaceutical company. Little did he know at the time, he was being "duped into helping the company skirt drug advertising laws in order to persuade young women to take a particular drug," recaps Business Insider. "He later found out the drug was known to worsen depression and at least one young woman committed suicide while taking it." Sourour was inspired to write the post after viewing a talk by Robert Martin, called "The Future of Programming," who argues that software developers need to figure out how to self-regulate themselves quickly as software becomes increasingly prevalent in many people's lives. Business Insider reports: "Let's decide what it means to be a programmer," Martin says in the video. "Civilization depends on us. Civilization doesn't understand this yet." His point is that in today's world, everything we do like buying things, making a phone call, driving cars, flying in planes, involves software. And dozens of people have already been killed by faulty software in cars, while hundreds of people have been killed from faulty software during air travel. "We are killing people," Martin says. "We did not get into this business to kill people. And this is only getting worse." Martin finished with a fire-and-brimstone call to action in which he warned that one day, some software developer will do something that will cause a disaster that kills tens of thousands of people. But Sourour points out that it's not just about accidentally killing people or deliberately polluting the air. Software has already been used by Wall Street firms to manipulate stock quotes. "This could not happen without some shady code that creates fake orders," Sourour says. We'd like to ask what your thoughts are on Sourour's post and whether or not you've ever had a similar experience. 
Have you ever felt ashamed of your code?

Posted by EditorDavid on Monday November 21, 2016 @03:34AM
from the forbidden-photos dept.

An anonymous reader writes:
OnlineCensorship.org just released a new report "to provide an objective, data-driven voice in the conversation around commercial content moderation." They're collecting media reports about censorship on Facebook, Twitter, Instagram, YouTube, Flickr and Google+, and have now analyzed 294 reports of content takedowns -- 74% of which pertained to Facebook. (Followed by Instagram with 16% and Twitter with 7%.) 47% of all the takedowns were nudity-related, while the next two most frequent reasons given were "real name" violations and "inappropriate content".

Noting "a more visible public debate" over content moderation, the report acknowledges that 4.7 billion Facebook posts are made every day. (It also reports the "consistent refrain" from services apologizing for issues -- that "our team processes millions of reports each week...") But the most bizarre incident they've identified was the tech blogger in India who was locked out of his Facebook account in October because he shared a photo of a cat in a business suit. "It might sound stupid but this just happened to me," he told Mashable India, which reports Facebook later apologized and said it had made a mistake.
Their report -- part of the EFF's collaboration with Visualizing Impact -- urges platforms to clarify their guidelines (as well as applicable laws), to explain the mechanisms being used to evaluate content and appeals, and to share those criteria when notifying users of take-downs. For example, in August Facebook inexplicably removed a 16th-century sketch by Erasmus of Rotterdam detailing a right hand.